Student Name
University
This study source was downloaded by 100000802316591 from CourseHero.com on 06-04-2021 16:26:31 GMT -05:00
https://www.coursehero.com/file/31813583/Computer-Science-274408443docx/
COMPARISON OF OWASP AND OSSTMM
OSSTMM and OWASP are two penetration testing methodologies used to test
computer systems and devices, with legal permission, for the weaknesses and
vulnerabilities that an attacker would find. Each has many advantages and
disadvantages, and the choice between them depends on the situation or
condition.
OSSTMM stands for Open Source Security Testing Methodology Manual. Its last
edition was revised in 2010. OSSTMM mainly comprises the testing methods and strategies
used to test any type of system, software, application, etc. Like other testing
methods, OSSTMM is used on computer systems to keep devices and programs
in line with requirements, error free, and up to customers' expectations. The
most significant areas that it covers are security, ethical hacking, testing, and security
assessment (Kang, Cho, Shin & Kim, 2015). The test modules available in OSSTMM
are communication security testing, physical security testing, internet technology
security setting, and process security testing. Further work is being done on OSSTMM
with a high-level research focus, but several things remain untouched, such as
management, tools, and technological advancements. The proper management of tests is not
discussed, which leads to bad planning and unexpected results and becomes a cause of many
problems that can occur in the final stages. In addition, it is not easy to use, and
OSSTMM does not provide adequate services for integration in the context of IT management.
Also, its technical descriptions, tools, and threat analysis do not provide good results.
Additionally, the latest versions require a paid subscription, which is a hindrance
for people who want to use the service but cannot afford it.
Apart from the disadvantages of the OSSTMM approach, its satisfactory factors
are scalability and coverage. It provides flexibility for
pen testers during testing phases. Using OSSTMM provides a deep understanding
of interconnected things; this interconnection requires interactions that can be direct
or passive. It is easier to modify according to organizational needs. Also, frequent updates are
available according to new versions. Thus, keeping in view the advantages of this approach, it
OWASP stands for Open Web Application Security Project. OWASP includes the
different software development life cycles and is made up of many different phases. It
mainly focuses on the improvement of web security and services. A community of web security
development tools was built that provides much ease to developers and contributors. It was
last revised in 2014. OWASP's technical-level descriptions are very strong. It provides large
scalability and tools for development or testing (Klíma, 2016). It is easy to use, and threat
analysis is judged partially during the testing phase. In addition, its main success factor
is that it is free and open. The website is not run for profit and is not driven by any
commercial purposes. The other side of the story is that OWASP coverage is not on large
Although all the pros and cons of these penetration tests have been discussed, there is no single
approach that covers all areas of research and testing. Because of these weaknesses, the final results
are not easily comparable, and all the security level approaches are average standards for
measuring these parameters. Further research and improvement are focused on combining the
existing sets of standards with the Penetration Testing Execution Standard, which is also a
comprehensive description of different testing processes. It aims to cover the negative points
of the testing methods and provide the best possible results using the latest methods.
References
Kang, Y., Cho, H., Shin, Y., & Kim, J. (2015). Comparative Study of Penetration Test